Ksenia Security Lares WebServer Home Automation Default Credentials
Title: Ksenia Security Lares WebServer Home Automation Default Credentials
Advisory ID: ZSL-2025-5927
Type: Local/Remote
Impact: System Access, Exposure of System Information, Exposure of Sensitive Information, DoS
Risk: (5/5)
Release Date: 31.03.2025
Summary
Lares is a burglar alarm & home automation system that can be controlled by means of an ergo LCD keyboard, as well as remotely by telephone, and even via the Internet through a built-in WEB server.
Description
Ksenia Lares uses a weak set of default administrative credentials that can be found and used to gain full control of the system.
Vendor
Ksenia Security S.p.A. - https://www.kseniasecurity.com
Affected Version
Firmware version 1.6
Webserver version 1.0.0.15
Tested On
Ksenia Lares Webserver
Vendor Status
[03.07.2024] Vulnerability discovered.
[27.09.2024] Vendor contacted.
[30.03.2025] No response from the vendor.
[31.03.2025] Public security advisory released.
[11.02.2026] Vendor clarifies that this is not affecting lares 4.0, only the legacy lares model.
PoC
ksenia_creds.txt
Credits
Vulnerability discovered by Mencha Isajlovska - <[email protected]>
References
[1] https://packetstorm.news/files/id/190180/
[2] https://www.cve.org/CVERecord?id=CVE-2025-15111
Changelog
[31.03.2025] - Initial release
[03.04.2025] - Added reference [1]
[11.02.2026] - Changed the title of the advisory and added Vendor Status.
[24.03.2026] - Added reference [2]
Contact
Zero Science Lab
Web: https://www.zeroscience.mk
e-mail: [email protected]